Hacking Your Phone

On April 18, 2016

The following script is from “Hacking Your Phone” which aired on Apr 17, 2016. Sharyn Alfonsi is the correspondent. Howard L. Rosenberg and Julie Holstein, producers.

A lot of modern life is interconnected through the Internet of things — a global empire of billions of devices and machines. Automobile navigation systems. Smart TVs. Thermostats. Telephone networks. Home security systems. Online banking. Almost everything you can imagine is linked to the world wide web. And the emperor of it all is the smartphone. You’ve probably been warned to be careful about what you say and do on your phone, but after you see what we found, you won’t need to be warned again.

We heard we could find some of the world’s best hackers in Germany. So we headed for Berlin. Just off a trendy street and through this alley we rang the bell at the door of a former factory. That’s where we met Karsten Nohl, a German hacker, with a doctorate in computer engineering from the University of Virginia.

We were invited for a rare look at the inner workings of Security Research Labs. During the day, the lab advises Fortune 500 companies on computer security. But at night, this international team of hackers looks for flaws in the devices we use every day: smartphones, USB sticks and SIM cards. They are trying to find vulnerabilities before the bad guys do, so they can warn the public about risks. At computer terminals and work benches equipped with micro lasers, they physically and digitally break into systems and devices.

Sharyn Alfonsi: Is one phone more secure than another? Is an iPhone more secure than an Android?

Karsten Nohl: All phones are the same.

Sharyn Alfonsi: If you just have somebody’s phone number, what could you do?

Karsten Nohl: Track their whereabouts, know where they go for work, which other people they meet when– You can spy on whom they call and what they say over the phone. And you can read their texts.

We wanted to see whether Nohl’s group could actually do what they claimed — so we sent an off-the-shelf iPhone from 60 Minutes in New York to Representative Ted Lieu, a congressman from California. He has a computer science degree from Stanford and is a member of the House committee that oversees information technology. He agreed to use the phone to talk to his staff knowing they would be hacked and they were. All we gave Nohl was the number of the 60 Minutes iPhone that we lent the congressman.

As soon as we called Congressman Lieu on his phone, Nohl and his team were listening and recording both ends of the conversation.

Sharyn Alfonsi: I’m calling from Berlin.

Sharyn Alfonsi: I wonder if I might talk to you about this hacking story we’re working on.

Karsten Nohl: What hacking story?

They were able to do it by exploiting a security flaw they discovered in Signaling System Seven – or SS7. It is a little-known, but vital global network that connects phone carriers.

Sharyn Alfonsi: Congressman thank you so much for helping us…

Every person with a cellphone needs SS7 to call or text each other. Though most of us have never heard of it.

Nohl says attacks on cellphones are growing as the number of mobile devices explodes. But SS7 is not the way most hackers break into your phone–

Those hacks are on display in Las Vegas.

John Hering: “Three-days of non-stop hacking.”

That’s where John Hering guided us through an unconventional convention where 20,000 hackers get together every year to share secrets and test their skills.

John Hering: It’s proving what’s possible. Any system can be broken, it’s just knowing how to break it.

Hering is a hacker himself, he’s a 30-something expert who cofounded the mobile security company “Lookout” when he was 23. Lookout has developed a free app that scans your mobile phone for malware and alerts the user to an attack.

Sharyn Alfonsi: How likely is it that somebody’s phone has been hacked?

John Hering: In today’s world there’s really only– two types of companies or two types of people which are those who have been hacked and realize it and those who have been hacked and haven’t.

Sharyn Alfonsi: How much do you think people have been kind of ignoring the security of their cellphones, thinking, “I’ve got a passcode, I must be fine?”

John Hering: I think that most people have not really thought about their phones as computers. And that that’s really starting to shift.

Sharyn Alfonsi: And that’s what you think– it’s like having a laptop now?

John Hering: Oh absolutely. I mean, your mobile phone is effectively a supercomputer in your pocket. There’s more technology in your mobile phone than was in, you know, the space craft that took man to the moon. I mean, it’s– it’s really unbelievable.

Sharyn Alfonsi: Is everything hackable?

John Hering: Yes.

Sharyn Alfonsi: Everything?

John Hering: Yes.

Sharyn Alfonsi: If somebody tells you, “You can’t do it.”

John Hering: I don’t believe it.

John Hering offered to prove it — so he gathered a group of ace hackers at a Las Vegas hotel. Each of them a specialist in cracking mobile devices and figuring out how to protect them.

Adam Laurie: Would you put your money in a bank that didn’t test their locks on their safes? We need to try and break it to make sure the bad guys can’t.

Sharyn Alfonsi: How easy is it to break a phone right now?

Jon Oberheide: Very easy.

Adam Laurie: As you’ve seen, pretty trivial.

Sharyn Alfonsi: Do I need to connect to it? OK.

It started when we logged onto the hotel Wi-Fi — at least it looked like the hotel Wi-Fi. Hering had created a ghost version–it’s called spoofing.

Sharyn Alfonsi: I mean, this looks legitimate.

John Hering: It looks really legitimate. So you’re connected?

Sharyn Alfonsi: I am.

John Hering: And I have your email.

Sharyn Alfonsi: You have access to my email right now–

John Hering: Yeah. It’s coming through right now. I actually can s– I now have a ride-sharing application up here, all the information that’s being transmitted, including your account ID, your mobile phone, which I just got the mobile number. Then, more importantly, I have all the credit cards associated with– with that account.

Jon Oberheide pointed out the biggest weakness in mobile security is human nature.

Jon Oberheide: With social engineering, you can’t really fix the human element. Humans are gullible. They install malicious applications. They give up their passwords every day. And it’s really hard to fix that human element.

John Hering warned us he could spy on anyone through their own phone as long as the phone’s camera had a clear view. We propped up a phone on my desk and set up cameras to record the demonstration. First he sent me a text message with an attachment to download.

John Hering: “We’re in business.”

Then Hering called from San Francisco and proved it worked.

John Hering: I installed some malware in your device that’s broadcasting video of your phone.

Sharyn Alfonsi: My phone’s not even lit up.

John Hering: I understand, yeah.

Sharyn Alfonsi: That’s so creepy.

Katie: It’s pitch black for us.

In this case, when I downloaded the attachment, Hering was able to take control of my phone. But Congressman Lieu didn’t have to do anything to get attacked.

All Karsten Nohl’s team in Berlin needed to get into the congressman’s phone was the number. Remember SS7 – that little-known global phone network we told you about earlier?

Karsten Nohl: I’ve been tracking the congressman.

There’s a flaw in it that allowed Nohl to intercept and record the congressman’s calls and track his movements in Washington and back home.

Karsten Nohl: The congressman has been in California, more specifically the L.A. area, zoom in here a little bit, Torrance.

The SS7 network is the heart of the worldwide mobile phone system. Phone companies use SS7 to exchange billing information. Billions of calls and text messages travel through its arteries daily. It is also the network that allows phones to roam.

Sharyn Alfonsi: Are you able to track his movements even if he moves the location services and turns that off?

Karsten Nohl: Yes. The mobile network, independent from the little GPS chip in your phone, knows where you are. So any choices that a congressman could’ve made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network. That of course, is not controlled by any one customer.

Sharyn Alfonsi: …despite him making good choices. You’re still able to get to his phone.

Karsten Nohl: Exactly.

Karsten Nohl and his team were legally granted access to SS7 by several international cellphone carriers. In exchange, the carriers wanted Nohl to test the network’s vulnerability to attack. That’s because criminals have proven they can get into SS7.

Karsten Nohl: Mobile networks are the only place in which this problem can be solved. There is no global policing of SS7. Each mobile network has to move– to protect their customers on their networks. And that is hard.

Nohl and others told us some U.S. carriers are easier to access through SS7 than others. 60 Minutes contacted the mobile phone trade group to ask about attacks on the SS7 network. They acknowledged there have been reports of security breaches abroad, but assured us that all U.S. cellphone networks were secure.

Congressman Lieu was on a U.S. network using the phone we lent him when he was part of the hacking demonstration from Berlin.

Sharyn Alfonsi: I just want to play for you something we were able to capture off of your phone.

Mark on recording: Hi Ted, it’s Mark, how are you?

Rep. Ted Lieu on recording: I’m good.

Mark on recording: I sent you some revisions on the letter to the N.S.A., regarding the data collection.

Rep. Ted Lieu: Wow.

Sharyn Alfonsi: What is your reaction to knowing that they were listening to all of your calls?

Rep. Ted Lieu: They could hear any call of pretty much anyone who has a smartphone. It could be stock trades you want someone to execute. It could be calls with a bank.

Karsten Nohl’s team automatically logged the number of every phone that called Congressman Lieu — which means there’s a lot more damage that could be done than just intercepting that one phone call. A malicious hacker would be able to target and attack every one of the other phones too.

Sharyn Alfonsi: So give us an idea, without being too specific, of the types of people that would be in a congressman’s phone.

Rep. Ted Lieu: There are other members of Congress– other elected officials. Last year, the president of the United States called me on my cellphone. And we discussed some issues. So if the hackers were listening in, they would know that phone conversation. And that’s immensely troubling.

Nohl told us the SS7 flaw is a significant risk mostly to political leaders and business executives whose private communications could be of high value to hackers. The ability to intercept cellphone calls through the SS7 network is an open secret among the world’s intelligence agencies — including ours — and they don’t necessarily want that hole plugged.

Sharyn Alfonsi: If you end up hearing from the intelligence agencies that this flaw is extremely valuable to them and to the information that they’re able to get from it, what would you say to that?

Rep. Ted Lieu: That the people who knew about this flaw and saying that should be fired.

Sharyn Alfonsi: Should be fired?

Rep. Ted Lieu: Absolutely.

Sharyn Alfonsi: Why?

Rep. Ted Lieu: You cannot have 300-some million Americans– and really, right, the global citizenry be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data. That is not acceptable.

John Hering: I’d say, the average person is not going to be exposed to the type of attacks we showed you today. But the goal was to show what’s possible. So people can really understand if we don’t address security issues, what the state of the world will be.

Sharyn Alfonsi: Which will be what?

John Hering: We live in a world where we cannot trust the technology that we use.
